Details
- Task
- Resolution: Done
Description
We keep running into the discussion of whether we should perform some upgrades, such as: https://git.magnolia-cms.com/projects/BUILD/repos/boms/pull-requests/1293/overview
Let's instead go with the following policy:
- If a security vulnerability requires it, we will allow a library pair to become out of sync. For instance, H2 should normally be in sync with the version in JR, which we'll do 99% of the time, but if the particular H2 version is vulnerable, then we will temporarily bump it.
- Otherwise, let's just plain disable Renovate PRs for those libraries. They are essentially noise.